Automatic integrity checking of content delivery network files

ABSTRACT

Techniques for automatically generating an integrity check hash value for a content asset served by a third-party server when the content asset is added to a template in a user interface. The techniques include displaying, by the user interface, a visual layout of web content, the UI configured to receive modifications to a component of the web content. The component comprising a template for generating hypertext markup language (HTML) embodying the component. The techniques further include receiving a modification to the component of the web content, wherein the modification includes instructions to include a content asset in the component of the web content and detecting that the content asset is hosted on a third-party server. Additionally, the techniques include generating HTML for the web content, the HTML including an integrity hash value for the content asset based on the template.

BACKGROUND

There is an increasing amount of web content made available via the Internet for consumption by web browsers, web-enabled applications (e.g., smartphone applications, widgets, etc.), and the like. Correspondingly, content delivery networks (CDNs) have become more popular for distributing the increasing amount of web content more efficiently. CDNs serve a large fraction of Internet content, for example, web objects (text, graphics and scripts), downloadable objects (media files, software, documents), applications (e-commerce, portals), live streaming media, on-demand streaming media, and social networks. Additionally, CDNs are increasingly used to host open source software and common modules for JavaScript code that are provided to users via web browsers and web-enabled applications via the internet. Since CDNs are typically common web servers, the content provided by the CDN may be compromised (e.g., modified by someone to include malicious software) and infect user devices consuming the content from the CDN. Techniques have been introduced to increase the security of CDNs and prevent content that has been compromised being distributed to user devices. However, current techniques require multiple steps and custom code to implement.

SUMMARY

The techniques introduced herein overcome the deficiencies and limitations of the prior art, at least in part, with a system and method for automatically generating an integrity check hash value for a content asset served by a third-party server when the content asset is added to a template in a user interface. The techniques include displaying, by the user interface, a visual layout of web content, the UI configured to receive modifications to a component of the web content. The component comprising a template for generating hypertext markup language (HTML) embodying the component. The techniques further include receiving a modification to the component of the web content, wherein the modification includes instructions to include a content asset in the component of the web content and detecting that the content asset is hosted on a third-party server. Additionally, the techniques include generating HTML for the web content, the HTML including an integrity hash value for the content asset based on the template.

Other aspects include corresponding methods, systems, apparatuses, and computer program products for these and other innovative aspects.

The features and advantages described herein are not all-inclusive and many additional features and advantages will be apparent in view of the figures and description. Moreover, it should be noted that the language used in the specification has been principally selected for readability and instructional purposes and not to limit the scope of the techniques described.

BRIEF DESCRIPTION OF THE DRAWINGS

The techniques introduced herein are illustrated by way of example, and not by way of limitation in the figures of the accompanying drawings in which like reference numerals are used to refer to similar elements.

FIG. 1 is a block diagram depicting an example computing environment in which content from a CDN has been compromised and loaded on a content user device.

FIG. 2 is a block diagram depicting an example computing environment in which content from a CDN has been compromised and not loaded on a content user device.

FIG. 3 is a block diagram depicting an example computing environment 100 in which content from a CDN has been compromised and not loaded on a content user device.

FIG. 4 is a flow chart illustrating an example method for automatically generating a verification hash value for a content asset hosted on a content delivery network device according to the disclosed techniques.

FIG. 5 is a flow chart illustrating an example method for performing a content integrity check according to the disclosed techniques.

FIG. 6 is a block diagram illustrating one embodiment of a computing device suitable for implementing the techniques and methods described herein.

DETAILED DESCRIPTION

While existing web browsers support validation of web content assets provided by a third-party server (e.g., a CDN) by comparing a prior hash of a web content asset and a hash of the web content asset that is calculated upon receiving the asset from the third-party server, this technique requires the content author to generate the hash and embed the hash in the web page or application used to access the web content. For example, when the web content is JavaScript hosted on a third-party server, the Hypertext Markup Language (HTML) that makes up the webpage may include an integrity check similar to below:

<script src='https://example.com/example-framework.js' integrity='sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQIGYI1kPzQho1wx4JwY8wC' crossorigin='anonymous'></script>

This technique may not be possible for content authors who are generating web content via a content management system with a “what you see is what you get” (WYSIWYG) interface. Such systems may facilitate content authors being able to dynamically switch between and preview different variants of a content asset (e.g., an image, JavaScript module, etc.) to see the asset in context with other components of the web page, add new variants of the asset for new target audiences, and to change or remove existing components. For example, a content management system such as Adobe® Experience Manager can maintain two sets of assets for web content: authoring content and published content. The authoring content can include edited components of electronic content, including assets hosted by third-party servers, and/or experiences added or modified by a content author. The published content can be created from authoring content in response to the content author explicitly activating electronic content, such as a web page, to publish the content. A single input or selection, such as a click, can activate (i.e., publish) the authoring content. When content is activated, the published content is synchronized between the content management system and a production web server serving the live web content to web page visitors or application users.

However, since the content author is not typically able to (or may not know how to) alter the HTML that is delivered to the end user, a hash of an asset hosted on a third-party server cannot be included in the final HTML page hosted by a web server. To solve this problem, the techniques introduced herein include a content management system, such as Adobe® Experience Manager, that automatically detects when a content author has included a content asset in a project that is served by a third-party server (e.g., a CDN) and injects an integrity verification component into the HTML. In some embodiments, a content management system, according to the techniques introduced herein, may automatically detect an update to authoring content and detect whether a content asset from a third-party server is included in the authoring content. Upon detecting the content asset from the third-party server, the content management system creates a verification hash for the content asset and updates the HTML to include the verification hash. Additionally, the content management system may include an identification of the content asset and the verification hash in a database of known content assets so that the content asset can be used in a separate project without having to regenerate the hash. Further, the content management system may inject functionality in the HTML to report a content asset that fails to match the verification hash. The report may be sent to the administrator of the web page and/or third-party server, for example.

Embodiments disclosed herein provide various advantages over existing systems. Such benefits, for example, may include providing integrated and easy-to-use user interfaces that allow efficient creation and modification of web content while maintaining security of content assets that are hosted by third-party servers included in the web content.

FIG. 1 is a block diagram depicting an example computing environment 100 in which content from a CDN has been compromised. Applications edit, display, store, serve and otherwise use web and other electronic content on the computing devices 110, 120, 130, and 140. Such applications are shown as functional components or modules. It should be apparent that such applications and content may be resident in any suitable computer-readable medium and execute on any suitable processor. As shown, the computing devices 110, 120, 130, and 140 respectively comprise a computer-readable medium such as random access memory (RAM) 112, 122, 132, and 142 coupled to a processor 111, 121, 131, and 141 configured to execute computer-executable program instructions and/or access information stored in the memory 112, 122, 132, and 142. Such processors 111, 121, 131, and 141 may each comprise a microprocessor, an application specific integrated circuit (ASIC), a state machine, or other processor, and can be any of a number of computer processors. Such a processor can comprise, or may be in communication with a computer-readable medium which stores instructions that, when executed by the processor, cause the processor to perform the techniques introduced herein.

A computer-readable medium, such as memory 112, 122, 132, and 142, may comprise, but is not limited to, an electronic, optical, magnetic, or other storage device capable of providing a processor with computer-readable instructions. Other examples comprise, but are not limited to, a floppy disk, compact disc read-only memory (CD-ROM), digital video disc (DVD), magnetic disk, memory chip, read only memory (ROM), RAM, an ASIC, a configured processor, optical storage, magnetic tape or other magnetic storage, or any other medium from which a computer processor can read instructions. The instructions may comprise processor-specific instructions generated by a compiler and/or an interpreter from code written in any suitable computer-programming language, including, for example, C, C++, C#, Visual Basic, Java, Python, Perl, JavaScript, and ActionScript.

Computing devices 110, 120, 130, and 140 may also comprise a number of external or internal devices such as a mouse, a keyboard, a display, audio speakers, one or more microphones, or any other input or output devices. The display device can be used, for example, to render user interfaces with which users interact. Computing devices 110, 120, 130, and 140 could be personal computing devices, mobile devices, web servers, file servers, database servers, CDNs, or any other type of electronic device appropriate for providing one or more of the features described herein.

Computing devices 110, 120, 130, and 140 can include any suitable computing devices for hosting the respective modules shown in FIG. 1. In embodiments, the computing devices 110, 120, 130, and 140 are implemented as a single, integrated computing system. In alternative or additional embodiments, one or more of computing devices 110, 120, 130, and 140 may include a virtual server implemented using multiple computing systems, clients, or servers connected in a grid or cloud computing topology. As described below with reference to FIG. 6, each of the processors 111, 121, 131, and 141 may be a single processor in a multi-core/multiprocessor system. Such a system can be configured to operate alone with a single server or in a cluster of computing devices operating in a cluster or server farm.

The content creation/editing device 110 in FIG. 1 comprises a component editor 113 and a content editor 114 stored in memory 112. The editors 113 and 114 may be part of a single application spread out into individual modules or functions. In alternative embodiments, one or more of editors 113 and 114 can be hosted on a separate device. In yet other alternative embodiments, multiple users (e.g., content authors) are able to access one or more of editors 113 and 114 on one or more computing devices to collaboratively create and edit web content. In one embodiment, content creation/editing device 110 can host a content management system as described herein, where the content management system includes editors 113 and 114.

Component editor 113, for example, may be used by a software engineer or content author to create and edit a component of web content. For example, a “component” may be a template instantiated as one or more instances in electronic content, each instance of the component having common aspects derived from a template. Examples of components include, but are not limited to, a breadcrumbs bar, a download link, an image, a video player, a dialog box, and a search box. For example, an image banner for a web page can be a component. Most (if not all) visual elements in a web page and other electronic content can be implemented as instances, variants, or versions of a component. In certain embodiments, components include items of content for a web page. Components and instances of components can be identified by a reference or pointer, such as, for example, a Uniform Resource Locator (URL). The pointer can identify a code snippet, such as, for example, a JavaScript snippet executable to load content at the identified URL.

The content editor 114, for example, could be used by a web site developer or content author to create web content using one or more components created using the component editor 113. The content editor 114 can be used to find and select assets, such as images, scripts, text, etc., that can be used to create web content. By interacting, using an input device, with the content editor 114, a content author can drag and drop a new asset to add the new asset to the unpublished authoring content 115. For example, an author can find an image related to the subject of the web content and drag that image to add the image to the unpublished authoring content 115.

As used herein, the term “web content” refers to any type of resource or media that can be rendered for display on computing devices. Web content can include text or multimedia files, such as images, video, audio, or any combination thereof. Web content can also include application software that is designed to perform one or more specific tasks at a computing system or computing device. Computing devices include client and server devices such as, but not limited to, servers, desktop computers, laptop computers, smart phones, video game consoles, smart televisions, tablet computers, portable gaming devices, personal digital assistants (PDAs), etc. Web content can be streamed to, replicated to, downloaded by, and/or uploaded from computing devices. Web content can include multimedia hosted on web sites, such as Internet web sites, intranet web sites, standard web pages, or mobile web pages specifically formatted for display on mobile computing devices. Web content may be downloaded from a content provider server, a third-party server, such as a content delivery network server, or a combination thereof. Web content can also include application software developed for computing devices that is designed to perform one or more specific tasks at the computing device.

As shown in the example of FIG. 1, the content creation/editing device 110 can store authoring content 115. The authoring content 115 includes web page content edited using content editor 114 and/or web page components edited using component editor 113. The published content 116 includes activated content replicated to a live content provider device (e.g., content provider device 130). This published content can include content for a live, active web content. Upon publication of the authoring content 115 at the content creation/editing device 110, a copy of the authoring content 115 is saved as published content 116 and then replicated from the content creation/editing device 110 to a content provider device 130 via network 150. Network 150 may be a data communications network such as the Internet. In some embodiments, network 150 can be one or a combination of networks, such as the Internet, a Wide Area Network (WAN), WiFi, a Local Area Network (LAN), or any other wired or wireless network.

Although a single content provider device 130 is depicted in the example of FIG. 1, it is to be understood that in alternative embodiments, the published content 116 can be replicated to a plurality of content provider devices. In embodiments where the published content 116 is content of a web page, the published content 116 can be replicated from the content creation/editing device 110 to a web server, such as content provider device 130, serving the web page content to web page visitors. Such replication can be performed by a content synchronization service via network 150. In this way, published content 116 is simultaneously available to a user in a content viewer 143 of a content user device 140 of the published content 116 and an author in content creation/editing device 110. In additional or alternative embodiments, the content provider device 130 can be embodied as a file server, database server, or cloud-based storage device configured to host a copy of the published content 116 and provide the published content 116 to users.

The content user device 140 shown in the example of FIG. 1 can be used to access and display the published content 116. A web site visitor or other user can execute a content viewer 143 of the content user device 140 to display, play or otherwise use the published content 116. The content user device 140 can be any computing device capable of executing a content viewer 143 suitable for accessing and rendering the published content 116. For example, the content user device 140 can be a desktop computer, a laptop computer, a smart phone, a video game console, a smart television, a tablet computer, a portable gaming device, a personal digital assistant (PDA), or the like. As shown in the example of FIG. 1, the content viewer 143 can be embodied as an Internet browser configured to render and use web site content included in the published content 116. In other embodiments, the content viewer 143 can be embodied as an application (e.g., a mobile application) configured to render and use the published content 116.

In certain embodiments, a content asset 123 can be stored on and served from a third-party server, such as CDN device 120. CDN device 120 may be one of a network of globally distributed servers to provide high availability and high performance when accessing the content asset 123. CDNs, or other third-party server arrangements, serve a large fraction of Internet content, including web objects (text, graphics and scripts), downloadable objects (media files, software, documents), applications (e-commerce, portals), live streaming media, on-demand streaming media, and social networks. While CDNs may improve performance of web content by placing content assets closer on a network to the end user, the content provider loses control of the content asset 123. For example, an attacker can access the CDN and replace content asset 123 with compromised content asset 123′ and security measures taken on content provider device 130 can be circumvented. The compromised content asset 123′ may be used to load harmful software to content user device 140 of any user who loads web content intended to include the content asset 123 without an integrity check by loading the compromised content asset 123′ as depicted in the example of FIG. 1.

FIG. 2 is a block diagram depicting an example computing environment 100 in which content from a CDN has been compromised and not loaded on a content user device. As described above, the techniques introduced herein include a content editor 114 on the content creation/editing device 110 that generates HTML based on a content author's interaction with templates in a WYSIWYG user interface (UI). The templates, according to the techniques introduced herein, include a script to detect whether a content asset, included in a component of web content depicted in the WYSIWYG UI, is hosted on a third-party server, such as a CDN server, and generate a verification hash value for the content asset. The script may be, for example, an HTML Template Language (HTL) script, or another templating language script. In one example, when a template includes a reference to a JavaScript content asset hosted on a third-party server, the HTL script ‘sly-verify-integrity’ may be included in the template as shown below:

<script src='https://example.com/example-framework.js' sly-verify-integrity='true'></script>

When a content author publishes authoring content via the content editor 114, the HTL script causes the content editor 114 to determine that the content asset 123 is hosted on a third-party server (e.g., CDN device 120). In response to determining that the content asset is hosted on a third-party server, the content editor 114 downloads the content asset 123 and generates a verification hash value for the content asset 123. In some embodiments, the content editor 114 stores the verification hash value for the content asset 123 with an identifier for the content asset. The content editor 114 can reuse the stored verification hash value in the HTML for other web content that includes the content asset 123, without having to download the asset and generate the verification hash value again.

As described above, an attacker can access the CDN and replace content asset 123 with compromised content asset 123′ and security measures taken on content provider device 130 can be circumvented. The compromised content asset 123′ may be used to load harmful software to content user device 140 of any user who loads web content intended to include the content asset 123. However, because the content editor 114 detects the content asset 123, generates a verification hash value for the content asset 123, and includes the verification hash value in published content 116, content viewer 143 may validate the web content asset 123 before loading the content asset. For example, the content viewer 143 may calculate a verification hash value for the compromised content asset 123′ and compare the calculated verification hash value with the verification hash value for the content asset 123 provided in the HTML by the content editor 114. Since it is improbable that a verification hash value calculated for the compromised content asset 123′ will match the verification hash value provided for the content asset 123, the content viewer 143 can refuse to load the compromised content asset 123′ as depicted in the example of FIG. 2.

FIG. 3 is a block diagram depicting an example computing environment 100 in which content from a CDN has been compromised and not loaded on a content user device. Web content that a content author has published and propagated to the content provider device 130 (e.g., published content 116) may need to be updated. In other situations, multiple variants of web content that are tailored to particular users can be generated by a content author. In either case, published content may be edited to include content assets from a third-party server. In the example of FIG. 3, a content author has edited published content 116, and published the edits, to create published edited content 311. One of the edits that could be made by the content author is, for example, including a new content asset 321 hosted by the content delivery network device 120 in place of content asset 123.

According to the techniques disclosed herein, the content editor 114 automatically detects the edit to the published content 116 and detects that the new content asset 321 is served from content delivery network device 120. Upon publishing edited content, the content editor 114 creates a verification hash value for the new content asset 321 and updates the HTML for the published edited content 311 to include the verification hash. When the content viewer 143 of the content user device 140 receives the published edited content 311 and requests the new content asset 321, the content viewer 143 compares the verification hash value for the new content asset 321 from the HTML of the published edited content 311 and a verification hash value calculated for the new content asset 321 retrieved from the content delivery network device 120. If the verification hash values match, the content viewer 143 of the content user device 140 loads the new content asset 321 as depicted in the example of FIG. 3.

FIG. 4 is a flow chart illustrating an example method for automatically generating a verification hash value for a content asset hosted on a content delivery network device according to the disclosed techniques. At 402, a content editor 114 of a content creation/editing device 110 displays a visual layout of web content in a UI. For example, the UI may be an authoring UI of a content management system (e.g., Adobe® Experience Manager) that allows a content author to drag and drop components in a WYSIWYG fashion. The UI is configured to receive modifications to a component of the web content. For example, the content author can interact with the UI to include an image or script in the web content. The component, which can be authored using component editor 113, includes a template for generating HTML embodying the component.

At 404, the UI of content editor 114 receives a modification to the component of the web content. For example, the modification may include instructions to include a content asset in the component of the web content. In some embodiments, the content asset may be hosted on a third-party server, for example, a content delivery network server. At 406, the content editor 114 detects that the content asset is hosted on a third-party server. For example, the content editor 114 may detect that the location of the content asset includes a URL for a content delivery network.

At 408, the content editor 114 generates HTML for the web content, for example, in response to a user input to publish the content. The templates for components used by the content author include instructions for generating the HTML. In particular, the templates include a script to generate an integrity hash value for content assets that are hosted on a third-party server. The script may include instructions to download the content asset from the third party server and generate the integrity hash value for the content asset. The integrity hash value may be calculated by known, or specially developed, cryptographic hash algorithms. For example, the content editor 114 may generate the integrity hash value using the SHA-384 algorithm. Other hash algorithms may be used (e.g., Merkle-Damgard, Secure Hash Algorithm (SHA), and the like).

At 410, the content editor 114 inserts a reporting script in the HTML for the web content. In some embodiments, the templates may include instructions to generate the reporting script. The reporting script, when executed by a content viewer 143 on a content user device 140, causes the content viewer 143 to report an integrity error when an integrity hash value for a retrieved content asset does not match the integrity hash value expected for the content asset.
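The detection at 406 and the hash generation at 408, including the stored-hash reuse described for FIG. 2, can be sketched as follows. This is an added example, not code from the patent or from any content management system; the names `IntegrityPublisher`, `FIRST_PARTY_HOSTS` and the injected `fetch` function are assumptions, and the HTTPS-only rule is an added policy so that the hash is not computed over a copy altered in transit at publish time.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

# Assumption for this example: hosts the publishing site itself serves from.
FIRST_PARTY_HOSTS = {"www.example.org"}

# Opening <script> tag that carries the template marker shown in the text.
MARKED_TAG = re.compile(
    r"<script\b[^>]*\bsly-verify-integrity=(['\"])true\1[^>]*>", re.IGNORECASE)
MARKER = re.compile(r"\s*\bsly-verify-integrity=(['\"])true\1", re.IGNORECASE)
SRC = re.compile(r"\bsrc=(['\"])(.*?)\1", re.IGNORECASE)


def sri_sha384(body: bytes) -> str:
    """Build the value of an integrity attribute: 'sha384-' + base64(digest)."""
    digest = hashlib.sha384(body).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")


def is_third_party(url: str) -> bool:
    """Relative URLs and known first-party hosts are not third-party."""
    host = urlsplit(url).hostname
    return host is not None and host.lower() not in FIRST_PARTY_HOSTS


class IntegrityPublisher:
    """Rewrites marked tags at publish time (hypothetical helper class)."""

    def __init__(self, fetch):
        self.fetch = fetch          # callable: url -> bytes (injected downloader)
        self.known_assets = {}      # url -> integrity value, reused across pages

    def integrity_for(self, url: str) -> str:
        if url not in self.known_assets:
            if urlsplit(url).scheme != "https":
                # Added policy: never pin a hash fetched over a channel that
                # can be modified in transit.
                raise ValueError("refusing to hash non-HTTPS asset: " + url)
            self.known_assets[url] = sri_sha384(self.fetch(url))
        return self.known_assets[url]

    def publish(self, template_html: str) -> str:
        def rewrite(match):
            tag = match.group(0)
            src = SRC.search(tag)
            if src is None or not is_third_party(src.group(2)):
                return MARKER.sub("", tag)   # first-party: just drop the marker
            attrs = (" integrity='" + self.integrity_for(src.group(2))
                     + "' crossorigin='anonymous'")
            return MARKER.sub(lambda _m: attrs, tag)
        return MARKED_TAG.sub(rewrite, template_html)


# Constructed sample input (not from the page): an asset body and a template.
SAMPLE_ASSET = b"window.exampleFramework = {version: '1.0'};\n"
SAMPLE_TEMPLATE = (
    "<script src='https://cdn.example.com/example-framework.js' "
    "sly-verify-integrity='true'></script>\n"
    "<script src='/local/site.js' sly-verify-integrity='true'></script>\n"
)

if __name__ == "__main__":
    publisher = IntegrityPublisher(fetch=lambda url: SAMPLE_ASSET)
    print(publisher.publish(SAMPLE_TEMPLATE))
```

The hash pins whatever bytes the third-party server returned at publish time, so the download should happen from a trusted build environment and the stored value must be regenerated when the asset is intentionally updated.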

FIG. 5 is a flow chart illustrating an example method for performing a content integrity check according to the disclosed techniques. At 502, a content viewer 143 of the content user device 140 receives web content. For example, a user may enter a URL for the web content in a web browser and request the content associated with the URL. When the content viewer 143 renders the HTML of the published content 116 received from the content provider device 130, at 504, the content viewer 143 requests the content asset 123 stored on the third-party server. At 506, the content viewer 143 generates an integrity hash value for the retrieved content asset and compares the generated integrity hash value with the expected integrity hash value for the content asset included in the HTML. If, at 508, the integrity hash value for the retrieved content asset matches the expected integrity hash value from the HTML, the content viewer 143 renders, at 510, the retrieved content asset. However, if at 508, the integrity hash value for the retrieved content asset does not match the expected integrity hash value from the HTML, the content viewer 143, at 512, does not render the retrieved content asset and, at 514, reports an integrity error to the content provider device 130. As used herein, rendering a content asset means executing operations to cause the content asset to produce the intended result. For example, rendering may include displaying an image, executing a script, generating audio and/or video, etc.
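The viewer-side decision at 506 to 514 can be modelled as below. This is an added example, not code from the patent or from any browser; the function names and the report fields are assumptions. It goes slightly beyond the text by accepting an integrity value that lists several hashes and comparing only against the strongest algorithm present, and it fails closed when no usable hash is found.

```python
import base64
import hashlib
import hmac

# Hash algorithms accepted in an integrity value, weakest to strongest.
STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}


def sri(alg: str, body: bytes) -> str:
    """Format '<alg>-<base64 digest>' for the given asset body."""
    return alg + "-" + base64.b64encode(hashlib.new(alg, body).digest()).decode("ascii")


def parse_integrity(attr: str):
    """Return [(algorithm, digest_bytes)] for well-formed tokens only."""
    parsed = []
    for token in attr.split():
        alg, sep, b64 = token.partition("-")
        alg = alg.lower()
        b64 = b64.split("?", 1)[0]              # drop any "?options" suffix
        if not sep or alg not in STRENGTH:
            continue                            # unknown algorithm: ignore token
        try:
            digest = base64.b64decode(b64, validate=True)
        except ValueError:
            continue                            # malformed base64: ignore token
        if len(digest) == hashlib.new(alg).digest_size:
            parsed.append((alg, digest))
    return parsed


def check_asset(url: str, body: bytes, integrity_attr: str) -> dict:
    """Steps 506-514: hash the retrieved body, compare, then render or report."""
    candidates = parse_integrity(integrity_attr)
    if not candidates:
        # Added policy for this example: no usable hash means do not render.
        return {"render": False,
                "report": {"error": "no-usable-hash", "asset": url,
                           "expected": integrity_attr, "actual": None}}
    strongest = max(candidates, key=lambda c: STRENGTH[c[0]])[0]
    actual = hashlib.new(strongest, body).digest()
    matched = any(alg == strongest and hmac.compare_digest(actual, digest)
                  for alg, digest in candidates)
    if matched:
        return {"render": True, "report": None}             # step 510
    return {"render": False,                                 # step 512
            "report": {"error": "integrity-mismatch",        # step 514
                       "asset": url,
                       "expected": integrity_attr,
                       "actual": sri(strongest, body)}}


# Constructed sample data (not from the page).
ASSET_URL = "https://cdn.example.com/example-framework.js"
ORIGINAL = b"window.exampleFramework = {version: '1.0'};\n"
MODIFIED = ORIGINAL + b"/* unexpected trailing content */\n"

if __name__ == "__main__":
    expected = sri("sha384", ORIGINAL)
    print(check_asset(ASSET_URL, ORIGINAL, expected))
    print(check_asset(ASSET_URL, MODIFIED, expected))
```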

Any suitable computing system or group of computing systems can be used to implement the techniques and methods described herein. For example, as described above, an image editing application exposes an image for editing to a user, generates fill polygons corresponding to empty areas between a frame and an image, and applies a content aware fill operation to fill the empty areas with pixels from the image. FIG. 6 is a block diagram illustrating one embodiment of a computing device (e.g., personal computer, mobile device, cloud computing system, etc.) 600 suitable for implementing the techniques and methods described herein. The computing device 600 may include a processor 602, a memory 604, a communication interface module 606, input/output device(s) 608, and data storage 610 according to some examples. The components of the computing device 600 are communicatively coupled by a bus or software communication mechanism 620. The bus 620 may represent one or more buses including an industry standard architecture (ISA) bus, a peripheral component interconnect (PCI) bus, a universal serial bus (USB), or some other bus known in the art to provide similar functionality.

The processor 602 may execute software instructions by performing various input/output, logical, and/or mathematical operations. The processor 602 may be physical and/or virtual, and may include a single processing unit or a plurality of processing units and/or cores. The processor 602 may comprise a microprocessor, an application specific integrated circuit, a state machine, or other processing device. In some implementations, the processor 602 may be coupled to the memory 604 via the bus 620 to access data and instructions therefrom and store data therein. The bus 620 may couple the processor 602 to the other components of the computing device 600 including, for example, the memory 604, the communication interface module 606, and the data storage 610. It will be apparent that other processors, operating systems, sensors, displays, and physical configurations are possible.

The memory 604 may store and provide access to data for the other components of the computing device 600. The memory 604 may be included in a single computing device or distributed among a plurality of computing devices. In some implementations, the memory 604 may store instructions 630 that may be executed by the processor 602 and/or data 632 that may be manipulated by the processor 602. The instructions 630 may include code for performing the techniques described herein. The memory 604 is also capable of storing other instructions and data, including, for example, an operating system, hardware drivers, other software applications, databases, etc. The memory 604 may be coupled to the bus 620 for communication with the processor 602 and the other components of the computing device 600.

The memory 604 may include one or more non-transitory computer-usable (e.g., readable, writeable) devices, for example, a dynamic random access memory (DRAM) device, a static random access memory (SRAM) device, an embedded memory device, a discrete memory device (e.g., a PROM, FPROM, ROM), a hard disk drive, an optical disk drive (e.g., CD, DVD), or the like, which can be any tangible apparatus or device that can contain, store, communicate, or transport instructions, data, computer programs, software, code, routines, etc., for processing by, or in connection with, the processor 602. In some implementations, the memory 604 may include one or more of volatile memory and non-volatile memory. It should be understood that the memory 604 may be a single device or may include multiple types of devices and configurations.

The communication interface module 606 is hardware and/or software for receiving and transmitting data by linking the processor 602 to a network or other processing systems. The communication interface module 606 may receive data and/or instructions and transmit the data and/or instructions to the processor 602 for execution. In one embodiment, the communication interface module 606 may include a port for direct physical connection to a communication channel. The communication interface module 606 may also or alternatively include a wireless transceiver for transmitting and receiving instructions and/or data using one or more wireless communication methods, such as IEEE 802.11, IEEE 802.16, Bluetooth®, or another suitable wireless communication method.

The input/output device(s) 608 may be internal or external devices that facilitate communication between the computing device 600 and a human user. For example, the input/output devices may include a keyboard, touchscreen display, microphone, speakers, etc.

The data storage 610 may include storage device(s) 612 that provide a non-transitory memory to store data for providing the functionality described herein. In some embodiments, the storage device(s) 612 may include a non-volatile memory or similar permanent storage device and media including a hard disk drive, a floppy disk drive, a CD-ROM device, a DVD-ROM device, a DVD-RAM device, a DVD-RW device, a flash memory device, or some other mass storage device for storing information.

In the above description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the techniques introduced above. It will be apparent, however, to one skilled in the art that the techniques can be practiced without these specific details. In other instances, structures and devices are shown in block diagram form in order to avoid obscuring the description and for ease of understanding.

Reference in the specification to “one embodiment” or “an embodiment” means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment. The appearances of the phrase “in one embodiment” in various places in the specification are not necessarily all referring to the same embodiment.

The foregoing description of the embodiments has been presented for the purposes of illustration and description. It is not intended to be exhaustive or to limit the specification to the precise form disclosed. Many modifications and variations are possible in light of the above teaching. It is intended that the scope of the embodiments be limited not by this detailed description, but rather by the claims of this application. As will be understood by those familiar with the art, the examples may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. Likewise, the particular naming and division of the modules, routines, features, attributes, methodologies and other aspects are not mandatory or significant, and the mechanisms that implement the description or its features may have different names, divisions and/or formats. Furthermore, as will be apparent to one of ordinary skill in the relevant art, the modules, routines, features, attributes, methodologies and other aspects of the specification can be implemented as software, hardware, firmware or any combination of the three. Also, wherever a component, an example of which is a module, of the specification is implemented as software, the component can be implemented as a standalone program, as part of a larger program, as a plurality of separate programs, as a statically or dynamically linked library, as a kernel loadable module, as a device driver, and/or in every and any other way known now or in the future to those of ordinary skill in the art of computer programming. Additionally, the specification is in no way limited to embodiment in any specific programming language, or for any specific operating system or environment. Accordingly, the disclosure is intended to be illustrative, but not limiting, of the scope of the specification, which is set forth in the following claims.

What is claimed is:
1. A method comprising: displaying, in a user interface (UI) of a computing device, a visual layout of web content, the UI configured to receive modifications to a component of the web content, wherein the component comprises a template for generating hypertext markup language (HTML) embodying the component; receiving, at the computing device, a modification to the component of the web content, wherein the modification includes instructions to include a corresponding content asset in the component of the web content; detecting, by the computing device and in response to receiving the modification to the component, that the corresponding content asset is hosted on a third-party server; and generating, based on the detecting that the content asset is hosted on a third-party server, HTML for the web content, the HTML including an integrity hash value for the content asset generated by the template, the integrity hash value distinguishing the content asset from an illicit version of the content asset stored by an unauthorized party on the third-party server for purposes of deceptive downloading thereof to a content user device, wherein the template includes a detecting script configured to execute the detecting that the content asset is hosted on the third-party server, and a generating script configured to execute the generating of the HTML for the web content.
2. The method of claim 1, further comprising: propagating, by the computing device, HTML for the web content to a web server, the HTML for the web content including the integrity hash value for the content asset.
3. The method of claim 1, wherein generating HTML for the web content further comprises: inserting, by the computing device, a reporting script in the HTML for the web content, the reporting script configured to cause a client device to report an integrity error when an integrity hash value for a retrieved content asset does not match the integrity hash value for the content asset.
4. The method of claim 1, further comprising: storing, by the computing device, the integrity hash along with a reference to the content asset; and retrieving, by the computing device, the integrity hash in response to the content asset being used in a second component of the web content.
5. The method of claim 1, further comprising: receiving, by the computing device, an input to publish the web content, wherein detecting that the content asset is hosted on a third-party server and generating HTML for the web content ensue in response to the input.
6. The method of claim 1, wherein the detecting script is further configured to detect that the content asset is hosted on the third-party server including detecting that a location of the content asset includes a Uniform Resource Locator (URL) for a content delivery network server, and the generating script is further configured to execute the generating of the integrity hash value.
7. A system comprising: one or more processors; and a memory, the memory storing instructions, which when executed cause the one or more processors to: display, in a user interface (UI), a visual layout of web content, the UI configured to receive modifications to a component of the web content, wherein the component comprises a template for generating hypertext markup language (HTML) embodying the component; receive a modification to the component of the web content, wherein the modification includes instructions to include a corresponding content asset in the component of the web content; detect, in response to receiving the modification to the component, that the corresponding content asset is hosted on a third-party server; and generate, based on the detection that the content asset is hosted on the third-party server, HTML for the web content, the HTML including an integrity hash value for the content asset generated by the template, the integrity hash value distinguishing the content asset from an illicit version of the content asset stored by an unauthorized party on the third-party server for purposes of deceptive downloading thereof to a content user device, wherein the template includes a detecting script configured to execute the detecting that the content asset is hosted on the third-party server, and a generating script configured to execute the generating of the HTML for the web content.
8. The system of claim 7, wherein the instructions further cause the one or more processors to: propagate HTML for the web content to a web server, the HTML for the web content including the integrity hash value for the content asset.
9. The system of claim 7 wherein, to generate HTML for the web content, the instructions further cause the one or more processors to: insert a reporting script in the HTML for the web content, the reporting script configured to cause a client device to report an integrity error when an integrity hash value for a retrieved content asset does not match the integrity hash value for the content asset.
10. The system of claim 7, wherein the instructions further cause the one or more processors to: store the integrity hash along with a reference to the content asset; and retrieve the integrity hash in response to the content asset being used in a second component of the web content.
11. The system of claim 7, wherein the instructions further cause the one or more processors to detect that the content asset is hosted on a third-party server and generate HTML for the web content ensue in response to receiving an input to publish the web content.
12. The system of claim 7, wherein the third-party server is a content delivery network server.
13. A non-transitory computer readable medium storing instructions which, when executed by a computer, cause the computer to perform operations comprising: displaying, in a user interface (UI) of a computing device, a visual layout of web content, the UI configured to receive modifications to a component of the web content, wherein the component comprises a template for generating hypertext markup language (HTML) embodying the component; receiving a modification to the component of the web content, wherein the modification includes instructions to include a corresponding content asset in the component of the web content; detecting, in response to receiving the modification to the component, that the content asset is hosted on a third-party server; and generating, based on the detecting that the content asset is hosted on the third-party server, HTML for the web content, the HTML including an integrity hash value for the content asset generated by the template, the integrity hash value distinguishing the content asset from an illicit version of the content asset stored by an unauthorized party on the third-party server for purposes of deceptive downloading thereof to a content user device, wherein the template includes a detecting script configured to execute the detecting that the content asset is hosted on the third-party server, and a generating script configured to execute the generating of the HTML for the web content.
14. The computer readable medium of claim 13, the operations further comprising: propagating HTML for the web content to a web server, the HTML for the web content including the integrity hash value for the content asset.
15. The computer readable medium of claim 13, wherein generating HTML for the web content further comprises: inserting a reporting script in the HTML for the web content, the reporting script configured to cause a client device to report an integrity error when an integrity hash value for a retrieved content asset does not match the integrity hash value for the content asset.
16. The computer readable medium of claim 13, the operations further comprising: storing the integrity hash along with a reference to the content asset; and retrieving the integrity hash in response to the content asset being used in a second component of the web content.
17. The computer readable medium of claim 13, the operations further comprising: receiving an input to publish the web content, wherein detecting that the content asset is hosted on a third-party server and generating HTML for the web content ensue in response to the input.
18. The computer readable medium of claim 13, wherein the third-party server is a content delivery network server.
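
An added example, not part of the patent text or of any product's code: a Python illustration of the detecting and generating steps recited in claims 1 and 6 and the stored-hash reuse of claim 4. The host names, asset bytes, the `IntegrityStore` class and every function name are assumptions; SHA-384 and the `crossorigin` attribute follow the usual Subresource Integrity form, which the claims do not specify.

```python
import base64
import hashlib
import html
from urllib.parse import urlsplit

# Constructed sample data: hypothetical hosts and asset bytes, not from the patent.
FIRST_PARTY_HOSTS = {"www.example.test"}
CDN_URL = "https://cdn.example.net/lib/widget.min.js"
ASSET = b"window.widget=function(){return 1};"


def is_third_party(url, first_party_hosts=FIRST_PARTY_HOSTS):
    """Detecting step: a URL that names a host which is not one of ours."""
    host = urlsplit(url).hostname  # None for relative URLs such as /js/app.js
    return host is not None and host not in first_party_hosts


def sri_value(content, algorithm="sha384"):
    """Integrity value in the 'alg-base64(digest)' form that browsers check."""
    digest = hashlib.new(algorithm, content).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


class IntegrityStore:
    """Keeps each hash with a reference (the URL) so later components reuse it."""

    def __init__(self, fetch):
        self._fetch = fetch  # callable(url) -> bytes, injected so this runs offline
        self._hashes = {}
        self.fetch_count = 0

    def integrity_for(self, url):
        if url not in self._hashes:
            self.fetch_count += 1
            self._hashes[url] = sri_value(self._fetch(url))
        return self._hashes[url]


def render_script_tag(url, store):
    """Generating step: emit the tag, adding integrity only for third-party assets."""
    src = html.escape(url, quote=True)
    if not is_third_party(url):
        return f'<script src="{src}"></script>'
    integrity = store.integrity_for(url)
    return (f'<script src="{src}" integrity="{integrity}" '
            f'crossorigin="anonymous"></script>')
```

The stored value pins whatever bytes the fetch returned at publish time, so it only distinguishes later tampering; the fetched copy should be compared against a trusted source before the hash is recorded.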